package com.berchen.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

//@Configuration
public class ShiroConfig {

    /**
     * 安全管理器 SecurityManager
     * @param myRealm
     * @return
     */
    @Bean
    public SecurityManager securityManager(Realm myRealm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(myRealm);
        return defaultWebSecurityManager;
    }

    /**
     * 自定义Realm 完成认证和授权
     * @return
     */
    @Bean
    public Realm myRealm(){
        return new MyRealm();
    }

    /**
     * shiro的过滤器 ，定义shiro 的规则拦截
     * @param securityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){

        ShiroFilterFactoryBean factoryBean=new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        // 如果没有登录就会跳到这个请求
        factoryBean.setLoginUrl("/");
        // 登录成功就会去到这个请求
        factoryBean.setSuccessUrl("/success");
        // 没有权限时转向的请求地址
        factoryBean.setUnauthorizedUrl("noPermission");

        // 配置拦截器规则
        Map<String,String> map=new LinkedHashMap<>();

        // anon 表示不需要登录就可以访问
        map.put("/login","anon");
        // logout 登出后会清空当前用户的内存
        map.put("/logout","logout");

        // admin 请求需要登录才能访问，而且还需要admin角色才能使用
//        map.put("/admin","authc,roles[admin]");

        // authc 表示需要登录认证
        map.put("/**","authc");

        factoryBean.setFilterChainDefinitionMap(map);
        return factoryBean;
    }

    /**
     * 开启shiro 的注解支持
     * @RequiresRoles()
     * @RequiresPermissions()
     * @return
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){

        DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }

    /**
     * 开启AOP的支持
     * @param securityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor advisor=new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * 开启shiro标签和Thymeleaf集成
     * @return
     */
    @Bean
    public ShiroDialect shiroDialect(){
        return new ShiroDialect();
    }


}
